Cyber Posture

CWE · MITRE source

CWE-117Improper Output Neutralization for Logs

Abstraction: Base · CVEs in our corpus: 93

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2)AI

Control Title Family Why it addresses this CWE
AU-1Policy and ProceduresAUPolicy and procedures require sanitization and neutralization when generating audit logs to avoid injection issues.
SI-15Information Output FilteringSIRequiring output to conform to expected content prevents unneutralized data from reaching logs.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2023-463212.09.80.00342023-10-23
CVE-2023-463222.09.80.00342023-10-23
CVE-2024-290221.88.80.00112024-04-12
CVE-2024-00951.89.00.00502024-06-13
CVE-2026-255481.89.10.00202026-02-18
CVE-2023-327121.78.60.00302023-06-01
CVE-2023-39971.78.60.00072023-07-31
CVE-2023-45711.78.60.00082023-08-30
CVE-2024-250471.78.60.00062024-05-02
CVE-2024-470831.77.50.02822024-09-25
CVE-2019-148461.67.80.00122019-10-08
CVE-2022-221511.68.10.00352022-03-11
CVE-2025-575641.68.20.00102025-10-07
CVE-2020-256461.57.50.00502020-10-29
CVE-2024-324741.57.30.00732024-04-18
CVE-2025-271111.57.50.00672025-03-04
CVE-2024-96061.57.50.00312025-03-20
CVE-2025-548131.57.50.00252025-08-22
CVE-2026-344781.57.50.00152026-04-10
CVE-2019-148641.46.50.00892020-01-02
CVE-2025-251841.46.50.01042025-02-12
CVE-2024-139491.46.80.00252025-05-22
CVE-2025-597841.47.20.00062026-03-04
CVE-2019-102131.36.50.00432019-11-25
CVE-2019-148541.36.50.00342020-01-07